第1页 / 共342页
第2页 / 共342页
第3页 / 共342页
第4页 / 共342页
第5页 / 共342页
第6页 / 共342页
第7页 / 共342页
第8页 / 共342页
Web Penetration Testing with Kali Linux.pdf
Preface
Chapter 1: Penetration Testing
and Setup
Web application Penetration Testing concepts
Penetration Testing methodology
Calculating risk
Kali Penetration Testing concepts
Step 1 – Reconnaissance
Step 2 – Target evaluation
Step 3 – Exploitation
Step 4 – Privilege Escalation
Step 5 – maintaining a foothold
Introducing Kali Linux
Kali system setup
Running Kali Linux from external media
Installing Kali Linux
Kali Linux and VM image first run
Kali toolset overview
Summary
Chapter 2: Reconnaissance
Reconnaissance objectives
Initial research
Company website
Web history sources
Regional Internet Registries (RIRs)
Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
Social media resources
Trust
Job postings
Location
Shodan
Google hacking
Google Hacking Database
Researching networks
HTTrack – clone a website
ICMP Reconnaissance techniques
DNS Reconnaissance techniques
DNS target identification
Maltego – Information Gathering graphs
Nmap
FOCA – website metadata Reconnaissance
Summary
Chapter 3: Server-side Attacks
Vulnerability assessment
Webshag
Skipfish
ProxyStrike
Vega
Owasp-Zap
Websploit
Exploitation
Metasploit
w3af
Exploiting e-mail systems
Brute-force attacks
Hydra
DirBuster
WebSlayer
Cracking passwords
John the Ripper
Man-in-the-middle
SSL strip
Starting the attack – redirection
Setting up port redirection using Iptables
Summary
Chapter 4: Client-side Attacks
Social engineering
Social Engineering Toolkit (SET)
Using SET to clone and attack
MitM Proxy
Host scanning
Host scanning with Nessus
Installing Nessus on Kali
Using Nessus
Obtaining and cracking user passwords
Windows passwords
Mounting Windows
Linux passwords
Kali password cracking tools
Johnny
hashcat and oclHashcat
samdump2
chntpw
Ophcrack
Crunch
Other tools available in Kali
Hash-identifier
dictstat
RainbowCrack (rcracki_mt)
findmyhash
phrasendrescher
CmosPwd
creddump
Summary
Chapter 5: Attacking Authentication
Attacking session management
Clickjacking
Hijacking web session cookies
Web session tools
Firefox plugins
Firesheep – Firefox plugin
Web Developer – Firefox plugin
Greasemonkey – Firefox plugin
Cookie Injector – Firefox plugin
Cookies Manager+ – Firefox plugin
Cookie Cadger
Wireshark
Hamster and Ferret
Man-in-the-middle attack
dsniff and arpspoof
Ettercap
Driftnet
SQL Injection
sqlmap
Cross-site scripting (XSS)
Testing cross-site scripting
XSS cookie stealing / Authentication hijacking
Other tools
urlsnarf
acccheck
hexinject
Patator
DBPwAudit
Summary
Chapter 6: Web Attacks
Browser Exploitation Framework – BeEF
FoxyProxy – Firefox plugin
BURP Proxy
OWASP – ZAP
SET password harvesting
Fimap
Denial of Services (DoS)
THC-SSL-DOS
Scapy
Slowloris
Low Orbit Ion Cannon
Other tools
DNSCHEF
SniffJoke
Siege
Inundator
TCPReplay
Summary
Chapter 7: Defensive Countermeasures
Testing your defenses
Baseline security
STIG
Patch management
Password policies
Mirror your environment
HTTrack
Other cloning tools
Man-in-the-middle defense
SSL strip defense
Denial of Service defense
Cookie defense
Clickjacking defense
Digital forensics
Kali Forensics Boot
Filesystem analysis with Kali
dc3dd
Other forensics tools in Kali
chkrootkit
Autopsy
Binwalk
pdf-parser
Foremost
Pasco
Scalpel
bulk_extractor
Summary
Chapter 8: Penetration Test
Executive Report
Compliance
Industry standards
Professional services
Documentation
Report format
Cover page
Confidentiality statement
Document control
Timeline
Executive summary
Methodology
Detailed testing procedures
Summary of findings
Vulnerabilities
Network considerations and recommendations
Appendices
Glossary
Statement of Work (SOW)
External Penetration Testing
Additional SOW material
Kali reporting tools
Dradis
KeepNote
Maltego CaseFile
MagicTree
CutyCapt
Sample reports
Summary
Index
www.it-ebooks.info
Web Penetration Testing with
Kali Linux
A practical guide to implementing penetration testing
strategies on websites, web applications, and standard
web protocols with Kali Linux.
Joseph Muniz
Aamir Lakhani
BIRMINGHAM - MUMBAI
Web Penetration Testing with Kali Linux
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy
of the information presented. However, the information contained in this book is
sold without warranty, either express or implied. Neither the authors, nor Packt
Publishing, and its dealers and distributors will be held liable for any damages
caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2013
Production Reference: 1180913
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78216-316-9
www.packtpub.com
Cover Image by Karl Moore (karl.moore@ukonline.co.uk)
[ FM-2 ]
www.it-ebooks.info
Credits
Project Coordinator
Anugya Khurana
Proofreaders
Christopher Smith
Clyde Jenkins
Indexer
Monica Ajmera Mehta
Graphics
Ronak Dhruv
Production Coordinator
Aditi Gajjar
Cover Work
Aditi Gajjar
Authors
Joseph Muniz
Aamir Lakhani
Reviewers
Adrian Hayter
Danang Heriyadi
Tajinder Singh Kalsi
Brian Sak
Kunal Sehgal
Nitin.K. Sookun (Ish)
Acquisition Editor
Vinay Argekar
Lead Technical Editor
Amey Varangaonkar
Technical Editors
Pooja Arondekar
Sampreshita Maheshwari
Menza Mathew
[ FM-3 ]
www.it-ebooks.info
About the Authors
Joseph Muniz is a technical solutions architect and security researcher. He started
his career in software development and later managed networks as a contracted
technical resource. Joseph moved into consulting and found a passion for security
while meeting with a variety of customers. He has been involved with the design
and implementation of multiple projects ranging from Fortune 500 corporations to
large federal networks.
Joseph runs TheSecurityBlogger.com website, a popular resources regarding
security and product implementation. You can also find Joseph speaking at live events
as well as involved with other publications. Recent events include speaker for Social
Media Deception at the 2013 ASIS International conference, speaker for Eliminate
Network Blind Spots with Data Center Security webinar, speaker for Making Bring
Your Own Device (BYOD) Work at the Government Solutions Forum, Washington
DC, and an article on Compromising Passwords in PenTest Magazine - Backtrack
Compendium, July 2013.
Outside of work, he can be found behind turntables scratching classic vinyl or on
the soccer pitch hacking away at the local club teams.
This book could not have been done without the support of my
charming wife Ning and creative inspirations from my daughter
Raylin. I also must credit my passion for learning to my brother
Alex, who raised me along with my loving parents Irene and Ray.
And I would like to give a final thank you to all of my friends,
family, and colleagues who have supported me over the years.
[ FM-4 ]
www.it-ebooks.info
Aamir Lakhani is a leading Cyber Security and Cyber Counterintelligence
architect. He is responsible for providing IT security solutions to major commercial
and federal enterprise organizations.
Lakhani leads projects that implement security postures for Fortune 500 companies,
the US Department of Defense, major healthcare providers, educational institutions,
and financial and media organizations. Lakhani has designed offensive counter
defense measures for defense and intelligence agencies, and has assisted organizations
in defending themselves from active strike back attacks perpetrated by underground
cyber groups. Lakhani is considered an industry leader in support of detailed
architectural engagements and projects on topics related to cyber defense, mobile
application threats, malware, and Advanced Persistent Threat (APT) research, and
Dark Security. Lakhani is the author and contributor of several books, and has
appeared on National Public Radio as an expert on Cyber Security.
Writing under the pseudonym Dr. Chaos, Lakhani also operates the DrChaos.com
blog. In their recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes
magazine described Aamir Lakhani as "a blogger, infosec specialist, superhero..., and
all around good guy."
I would like to dedicate this book to my parents, Mahmood and
Nasreen, and sisters, Noureen and Zahra. Thank you for always
encouraging the little hacker in me. I could not have done this without
your support. Thank you mom and dad for your sacrifices. I would
also additionally like to thank my friends and colleagues for your
countless encouragement and mentorship. I am truly blessed to be
working with the smartest and most dedicated people in the world.
[ FM-5 ]
www.it-ebooks.info
About the Reviewers
Adrian Hayter is a penetration tester with over 10 years of experience developing
and breaking into web applications. He holds an M.Sc. degree in Information Security
and a B.Sc. degree in Computer Science from Royal Holloway, University of London.
Danang Heriyadi is an Indonesian computer security researcher specialized
in reverse engineering and software exploitation with more than five years hands
on experience.
He is currently working at Hatsecure as an Instructor for "Advanced Exploit and
ShellCode Development". As a researcher, he loves to share IT Security knowledge
in his blog at FuzzerByte (http://www.fuzzerbyte.com).
I would like to thank my parents for giving me life, without them, I
wouldn't be here today, my girlfriend for supporting me every day
with smile and love, my friends, whom I can't describe one-by-one.
[ FM-6 ]
www.it-ebooks.info
Tajinder Singh Kalsi is the co-founder and Chief Technical Evangelist at Virscent
Technologies Pvt Ltd with more than six years of working experience in the field of
IT. He commenced his career with WIPRO as a Technical Associate, and later became
an IT Consultant cum Trainer. As of now, he conducts seminars in colleges all across
India, on topics, such as information security, Android application development,
website development, and cloud computing, and has covered more than 100 colleges
and nearly 8500 plus students till now. Apart from training, he also maintains a blog
(www.virscent.com/blog), which pounds into various hacking tricks. Catch him
on facebook at—www.facebook.com/tajinder.kalsi.tj or follow his
website—www.tajinderkalsi.com.
I would specially like to thank Krunal Rajawadha (Author
Relationship Executive at Packt Publishing) for coming across me
through my blog and offering me this opportunity. I would also like
to thank my family and close friends for supporting me while I was
working on this project.
Brian Sak, CCIE #14441, is currently a Technical Solutions Architect at Cisco
Systems, where he is engaged in solutions development and helps Cisco partners
build and improve their consulting services. Prior to Cisco, Brian performed security
consulting and assessment services for large financial institutions, US government
agencies, and enterprises in the Fortune 500. He has nearly 20 years of industry
experience with the majority of that spent in Information Security. In addition to
numerous technical security and industry certifications, Brian has a Master's degree
in Information Security and Assurance, and is a contributor to The Center for
Internet Security and other security-focused books and publications.
[ FM-7 ]
www.it-ebooks.info
相关推荐
2023年江西萍乡中考道德与法治真题及答案.doc
2012年重庆南川中考生物真题及答案.doc
2013年江西师范大学地理学综合及文艺理论基础考研真题.doc
2020年四川甘孜小升初语文真题及答案I卷.doc
2020年注册岩土工程师专业基础考试真题及答案.doc
2023-2024学年福建省厦门市九年级上学期数学月考试题及答案.doc
2021-2022学年辽宁省沈阳市大东区九年级上学期语文期末试题及答案.doc
2022-2023学年北京东城区初三第一学期物理期末试卷及答案.doc
2018上半年江西教师资格初中地理学科知识与教学能力真题及答案.doc
2012年河北国家公务员申论考试真题及答案-省级.doc
2020-2021学年江苏省扬州市江都区邵樊片九年级上学期数学第一次质量检测试题及答案.doc
2022下半年黑龙江教师资格证中学综合素质真题及答案.doc
